7 Úno
2018
7 Úno
'18
7:36
Hello,
I'm going to reply here instead of knot-dns-users.
On 7.2.2018 03:24, Yoshi Horigome wrote:
Hello Jay,
Is it ok to understand that it forwards to "192.168.168.1" which is the
local DNS when asking for localnet.mydomain.com
<http://localnet.mydomain.com>?
If it is, perhaps, I think that setting should be done as follows.
--If the request is from eng subnet
if (view:addr('192.168.168.0/24' <http://192.168.168.0/24'>)) then
if (todname('localnet.mydomain.com
<http://localnet.mydomain.com>')) then
- policy.add(policy.suffix(policy.FORWARD('192.168.168.1'),
{todname('localnet.mydomain.com <http://localnet.mydomain.com>')}))
+ policy.add(policy.suffix(policy.STUB('192.168.168.1'),
{{'\8localnet\8mydomain\3com'}}))
else
view:addr('192.168.168.0/24 <http://192.168.168.0/24>',
policy.FORWARD('68.111.106.68'))
end
end
First of all the use of `if` conditions above is incorrect.
Examples of view configuration can be found here:
http://knot-resolver.readthedocs.io/en/latest/modules.html#example-configur…
Second part of view definition is basically a rule from policy module,
which has examples here:
http://knot-resolver.readthedocs.io/en/latest/modules.html#policy-examples
I'm not sure I understood your request correctly, so I will provide
snippets and let you to combine them together.
-- forward all queries for subdomain localnet.mydomain.com to 192.168.168.1
policy.add(policy.suffix(policy.FORWARD('192.168.168.1'),
{todname('localnet.mydomain.com')})
-- forward all queries from 192.168.168.0/24 to 68.111.106.68
view:addr('192.168.168.0/24', policy.all(policy.FORWARD('68.111.106.68')))
This needs to be tested as result will depend on order of modules. I can
see that you have policy before view, so it might just work. Give it a try.
Petr Špaček @ CZ.NIC
I understand that it is policy.STUB if it is version1,
and policy.PASS
if it is version2.
I am sorry if I made a mistake.
Best regards.
Postscript:
It seems that knot resolver's mailing list has been created, so this may
be better.
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-resolver-users
2018-02-07 4:46 GMT+09:00 Jay Remotti <jremotti(a)ontraport.com
<mailto:jremotti@ontraport.com>>:
I'm getting started with knot resolver and am a bit unclear as to
how this config should be structured.
The result I'm looking for is to forward queries to resolver A if
the source is subnet A; unless the query is for the local domain if
so then query the local DNS.
I've been working with the config below to accomplish this. However
I'm finding that this config will if the request does not match the
local todname and will use root hints if not but will not use the
FORWARD server.
Ultimately, this server will resolve DNS for several subnets and
will forward queries to different servers based on the source subnet.
Would someone mind pointing me in the right direction on this, please?
for name, addr_list in pairs(net.interfaces()) do
net.listen(addr_list)
end
-- drop root
user('knot', 'knot')
-- Auto-maintain root TA
modules = {
'policy', -- Block queries to local zones/bad sites
'view', --view filters
'hints', -- Load /etc/hosts and allow custom root hints
'stats',
}
-- 4GB local cache for record storage
cache.size = 4 * GB
--If the request is from eng subnet
if (view:addr('192.168.168.0/24' <http://192.168.168.0/24'>)) then
if (todname('localnet.mydomain.com
<http://localnet.mydomain.com>')) then
policy.add(policy.suffix(policy.FORWARD('192.168.168.1'),
{todname('localnet.mydomain.com <http://localnet.mydomain.com>')}))
else
view:addr('192.168.168.0/24 <http://192.168.168.0/24>',
policy.FORWARD('68.111.106.68'))
end
end
855.ONTRAPORT
ontraport.com <https://ontraport.com>
------------------------------------------------------------------------
Get a Demo <https://ontraport.com/demo>| Blog
<https://ontraport.com/blog>| Free Tools <https://ontraport.com/tools>
--
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
<https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users>